2 Unix SMB/CIFS implementation.
3 Password and authentication handling
4 Copyright (C) Andrew Bartlett 2002
5 Copyright (C) Jelmer Vernooij 2002
6 Copyright (C) Simo Sorce 2003
7 Copyright (C) Volker Lendecke 2006
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "system/passwd.h"
29 #include "../librpc/gen_ndr/samr.h"
30 #include "../librpc/gen_ndr/drsblobs.h"
31 #include "../librpc/gen_ndr/ndr_drsblobs.h"
32 #include "../librpc/gen_ndr/idmap.h"
33 #include "../lib/util/memcache.h"
34 #include "nsswitch/winbind_client.h"
35 #include "../libcli/security/security.h"
36 #include "../lib/util/util_pw.h"
37 #include "passdb/pdb_secrets.h"
38 #include "lib/util_sid_passdb.h"
39 #include "idmap_cache.h"
40 #include "lib/util/string_wrappers.h"
41 #include "lib/global_contexts.h"
44 #define DBGC_CLASS DBGC_PASSDB
48 static struct pdb_init_function_entry *backends = NULL;
50 static void lazy_initialize_passdb(void)
52 static bool initialized = False;
56 static_init_pdb(NULL);
60 static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32_t rid,
62 enum lsa_SidType *psid_name_use,
63 uid_t *uid, gid_t *gid);
65 NTSTATUS smb_register_passdb(int version, const char *name, pdb_init_function init)
67 struct pdb_init_function_entry *entry = NULL;
69 if(version != PASSDB_INTERFACE_VERSION) {
70 DEBUG(0,("Can't register passdb backend!\n"
71 "You tried to register a passdb module with PASSDB_INTERFACE_VERSION %d, "
72 "while this version of samba uses version %d\n",
73 version,PASSDB_INTERFACE_VERSION));
74 return NT_STATUS_OBJECT_TYPE_MISMATCH;
78 return NT_STATUS_INVALID_PARAMETER;
81 DEBUG(5,("Attempting to register passdb backend %s\n", name));
83 /* Check for duplicates */
84 if (pdb_find_backend_entry(name)) {
85 DEBUG(0,("There already is a passdb backend registered with the name %s!\n", name));
86 return NT_STATUS_OBJECT_NAME_COLLISION;
89 entry = SMB_XMALLOC_P(struct pdb_init_function_entry);
90 entry->name = smb_xstrdup(name);
93 DLIST_ADD(backends, entry);
94 DEBUG(5,("Successfully added passdb backend '%s'\n", name));
98 struct pdb_init_function_entry *pdb_find_backend_entry(const char *name)
100 struct pdb_init_function_entry *entry = backends;
103 if (strcmp(entry->name, name)==0) return entry;
110 const struct pdb_init_function_entry *pdb_get_backends(void)
117 * The event context for the passdb backend. I know this is a bad hack and yet
118 * another static variable, but our pdb API is a global thing per
119 * definition. The first use for this is the LDAP idle function, more might be
122 * I don't feel too bad about this static variable, it replaces the
123 * smb_idle_event_list that used to exist in lib/module.c. -- VL
126 static struct tevent_context *pdb_tevent_ctx;
128 struct tevent_context *pdb_get_tevent_context(void)
130 return pdb_tevent_ctx;
133 /******************************************************************
134 Make a pdb_methods from scratch
135 *******************************************************************/
137 NTSTATUS make_pdb_method_name(struct pdb_methods **methods, const char *selected)
139 char *module_name = smb_xstrdup(selected);
140 char *module_location = NULL, *p;
141 struct pdb_init_function_entry *entry;
144 lazy_initialize_passdb();
146 p = strchr(module_name, ':');
150 module_location = p+1;
151 trim_char(module_location, ' ', ' ');
154 trim_char(module_name, ' ', ' ');
157 DEBUG(5,("Attempting to find a passdb backend to match %s (%s)\n", selected, module_name));
159 entry = pdb_find_backend_entry(module_name);
161 /* Try to find a module that contains this module */
163 DEBUG(2,("No builtin backend found, trying to load plugin\n"));
164 if(NT_STATUS_IS_OK(smb_probe_module("pdb", module_name)) && !(entry = pdb_find_backend_entry(module_name))) {
165 DEBUG(0,("Plugin is available, but doesn't register passdb backend %s\n", module_name));
166 SAFE_FREE(module_name);
167 return NT_STATUS_UNSUCCESSFUL;
171 /* No such backend found */
173 DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name));
174 SAFE_FREE(module_name);
175 return NT_STATUS_INVALID_PARAMETER;
178 DEBUG(5,("Found pdb backend %s\n", module_name));
180 nt_status = entry->init(methods, module_location);
181 if (!NT_STATUS_IS_OK(nt_status)) {
182 DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n",
183 selected, nt_errstr(nt_status)));
184 SAFE_FREE(module_name);
188 SAFE_FREE(module_name);
190 DEBUG(5,("pdb backend %s has a valid init\n", selected));
195 /******************************************************************
196 Return an already initialized pdb_methods structure
197 *******************************************************************/
199 static struct pdb_methods *pdb_get_methods_reload( bool reload )
201 static struct pdb_methods *pdb = NULL;
202 const char *backend = lp_passdb_backend();
203 NTSTATUS status = NT_STATUS_OK;
205 if ( pdb && reload ) {
206 if (pdb->free_private_data != NULL) {
207 pdb->free_private_data( &(pdb->private_data) );
209 status = make_pdb_method_name(&pdb, backend);
213 status = make_pdb_method_name(&pdb, backend);
216 if (!NT_STATUS_IS_OK(status)) {
223 static struct pdb_methods *pdb_get_methods(void)
225 struct pdb_methods *pdb;
227 pdb = pdb_get_methods_reload(false);
230 if (asprintf(&msg, "pdb_get_methods: "
231 "failed to get pdb methods for backend %s\n",
232 lp_passdb_backend()) > 0) {
235 smb_panic("pdb_get_methods");
242 struct pdb_domain_info *pdb_get_domain_info(TALLOC_CTX *mem_ctx)
244 struct pdb_methods *pdb = pdb_get_methods();
245 return pdb->get_domain_info(pdb, mem_ctx);
249 * @brief Check if the user account has been locked out and try to unlock it.
251 * If the user has been automatically locked out and a lockout duration is set,
252 * then check if we can unlock the account and reset the bad password values.
254 * @param[in] sampass The sam user to check.
256 * @return True if the function was successful, false on an error.
258 static bool pdb_try_account_unlock(struct samu *sampass)
260 uint32_t acb_info = pdb_get_acct_ctrl(sampass);
262 if ((acb_info & ACB_NORMAL) && (acb_info & ACB_AUTOLOCK)) {
263 uint32_t lockout_duration;
264 time_t bad_password_time;
265 time_t now = time(NULL);
268 ok = pdb_get_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION,
271 DEBUG(0, ("pdb_try_account_unlock: "
272 "pdb_get_account_policy failed.\n"));
276 if (lockout_duration == (uint32_t) -1 ||
277 lockout_duration == 0) {
278 DEBUG(9, ("pdb_try_account_unlock: No reset duration, "
279 "can't reset autolock\n"));
282 lockout_duration *= 60;
284 bad_password_time = pdb_get_bad_password_time(sampass);
285 if (bad_password_time == (time_t) 0) {
286 DEBUG(2, ("pdb_try_account_unlock: Account %s "
287 "administratively locked out "
288 "with no bad password "
289 "time. Leaving locked out.\n",
290 pdb_get_username(sampass)));
294 if ((bad_password_time +
295 convert_uint32_t_to_time_t(lockout_duration)) < now) {
298 pdb_set_acct_ctrl(sampass, acb_info & ~ACB_AUTOLOCK,
300 pdb_set_bad_password_count(sampass, 0, PDB_CHANGED);
301 pdb_set_bad_password_time(sampass, 0, PDB_CHANGED);
304 status = pdb_update_sam_account(sampass);
306 if (!NT_STATUS_IS_OK(status)) {
307 DEBUG(0, ("_samr_OpenUser: Couldn't "
308 "update account %s - %s\n",
309 pdb_get_username(sampass),
320 * @brief Get a sam user structure by the given username.
322 * This functions also checks if the account has been automatically locked out
323 * and unlocks it if a lockout duration time has been defined and the time has
326 * @param[in] sam_acct The sam user structure to fill.
328 * @param[in] username The username to look for.
330 * @return True on success, false on error.
332 bool pdb_getsampwnam(struct samu *sam_acct, const char *username)
334 struct pdb_methods *pdb = pdb_get_methods();
335 struct samu *for_cache;
336 const struct dom_sid *user_sid;
340 status = pdb->getsampwnam(pdb, sam_acct, username);
341 if (!NT_STATUS_IS_OK(status)) {
345 ok = pdb_try_account_unlock(sam_acct);
347 DEBUG(1, ("pdb_getsampwnam: Failed to unlock account %s\n",
351 for_cache = samu_new(NULL);
352 if (for_cache == NULL) {
356 if (!pdb_copy_sam_account(for_cache, sam_acct)) {
357 TALLOC_FREE(for_cache);
361 user_sid = pdb_get_user_sid(for_cache);
363 ok = memcache_add_talloc(NULL,
365 data_blob_const(user_sid, sizeof(*user_sid)),
368 TALLOC_FREE(for_cache);
374 /**********************************************************************
375 **********************************************************************/
377 static bool guest_user_info( struct samu *user )
381 const char *guestname = lp_guest_account();
383 pwd = Get_Pwnam_alloc(talloc_tos(), guestname);
385 DEBUG(0,("guest_user_info: Unable to locate guest account [%s]!\n",
390 result = samu_set_unix(user, pwd );
394 return NT_STATUS_IS_OK( result );
398 * @brief Get a sam user structure by the given username.
400 * This functions also checks if the account has been automatically locked out
401 * and unlocks it if a lockout duration time has been defined and the time has
405 * @param[in] sam_acct The sam user structure to fill.
407 * @param[in] sid The user SDI to look up.
409 * @return True on success, false on error.
411 bool pdb_getsampwsid(struct samu *sam_acct, const struct dom_sid *sid)
413 struct pdb_methods *pdb = pdb_get_methods();
418 /* hard code the Guest RID of 501 */
420 if ( !sid_peek_check_rid( get_global_sam_sid(), sid, &rid ) )
423 if ( rid == DOMAIN_RID_GUEST ) {
424 DEBUG(6,("pdb_getsampwsid: Building guest account\n"));
425 return guest_user_info( sam_acct );
428 /* check the cache first */
430 cache_data = memcache_lookup_talloc(
431 NULL, PDB_GETPWSID_CACHE, data_blob_const(sid, sizeof(*sid)));
433 if (cache_data != NULL) {
434 struct samu *cache_copy = talloc_get_type_abort(
435 cache_data, struct samu);
437 ok = pdb_copy_sam_account(sam_acct, cache_copy);
439 ok = NT_STATUS_IS_OK(pdb->getsampwsid(pdb, sam_acct, sid));
446 ok = pdb_try_account_unlock(sam_acct);
448 DEBUG(1, ("pdb_getsampwsid: Failed to unlock account %s\n",
449 sam_acct->username));
455 static NTSTATUS pdb_default_create_user(struct pdb_methods *methods,
456 TALLOC_CTX *tmp_ctx, const char *name,
457 uint32_t acb_info, uint32_t *rid)
459 const struct loadparm_substitution *lp_sub =
460 loadparm_s3_global_substitution();
461 struct samu *sam_pass;
465 if ((sam_pass = samu_new(tmp_ctx)) == NULL) {
466 return NT_STATUS_NO_MEMORY;
469 if ( !(pwd = Get_Pwnam_alloc(tmp_ctx, name)) ) {
470 char *add_script = NULL;
474 if ((acb_info & ACB_NORMAL) && name[strlen(name)-1] != '$') {
475 add_script = lp_add_user_script(tmp_ctx, lp_sub);
477 add_script = lp_add_machine_script(tmp_ctx, lp_sub);
480 if (!add_script || add_script[0] == '\0') {
481 DEBUG(3, ("Could not find user %s and no add script "
483 return NT_STATUS_NO_SUCH_USER;
486 /* lowercase the username before creating the Unix account for
487 compatibility with previous Samba releases */
488 fstrcpy( name2, name );
489 if (!strlower_m( name2 )) {
490 return NT_STATUS_INVALID_PARAMETER;
492 add_script = talloc_all_string_sub(tmp_ctx,
497 return NT_STATUS_NO_MEMORY;
499 add_ret = smbrun(add_script, NULL, NULL);
500 DEBUG(add_ret ? 0 : 3, ("_samr_create_user: Running the command `%s' gave %d\n",
501 add_script, add_ret));
503 smb_nscd_flush_user_cache();
508 pwd = Get_Pwnam_alloc(tmp_ctx, name);
511 DEBUG(3, ("Could not find user %s, add script did not work\n", name));
512 return NT_STATUS_NO_SUCH_USER;
516 /* we have a valid SID coming out of this call */
518 status = samu_alloc_rid_unix(methods, sam_pass, pwd);
522 if (!NT_STATUS_IS_OK(status)) {
523 DEBUG(3, ("pdb_default_create_user: failed to create a new user structure: %s\n", nt_errstr(status)));
527 if (!sid_peek_check_rid(get_global_sam_sid(),
528 pdb_get_user_sid(sam_pass), rid)) {
529 DEBUG(0, ("Could not get RID of fresh user\n"));
530 return NT_STATUS_INTERNAL_ERROR;
533 /* Use the username case specified in the original request */
535 pdb_set_username( sam_pass, name, PDB_SET );
537 /* Disable the account on creation, it does not have a reasonable password yet. */
539 acb_info |= ACB_DISABLED;
541 pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED);
543 status = methods->add_sam_account(methods, sam_pass);
545 TALLOC_FREE(sam_pass);
550 NTSTATUS pdb_create_user(TALLOC_CTX *mem_ctx, const char *name, uint32_t flags,
553 struct pdb_methods *pdb = pdb_get_methods();
554 return pdb->create_user(pdb, mem_ctx, name, flags, rid);
557 /****************************************************************************
558 Delete a UNIX user on demand.
559 ****************************************************************************/
561 static int smb_delete_user(const char *unix_user)
563 const struct loadparm_substitution *lp_sub =
564 loadparm_s3_global_substitution();
565 char *del_script = NULL;
570 if ( strequal( unix_user, "root" ) ) {
571 DEBUG(0,("smb_delete_user: Refusing to delete local system root account!\n"));
575 del_script = lp_delete_user_script(talloc_tos(), lp_sub);
576 if (!del_script || !*del_script) {
579 del_script = talloc_all_string_sub(talloc_tos(),
586 ret = smbrun(del_script, NULL, NULL);
589 smb_nscd_flush_user_cache();
591 DEBUG(ret ? 0 : 3,("smb_delete_user: Running the command `%s' gave %d\n",del_script,ret));
596 static NTSTATUS pdb_default_delete_user(struct pdb_methods *methods,
598 struct samu *sam_acct)
603 status = methods->delete_sam_account(methods, sam_acct);
604 if (!NT_STATUS_IS_OK(status)) {
609 * Now delete the unix side ....
610 * note: we don't check if the delete really happened as the script is
611 * not necessary present and maybe the sysadmin doesn't want to delete
615 /* always lower case the username before handing it off to
618 fstrcpy( username, pdb_get_username(sam_acct) );
619 if (!strlower_m( username )) {
623 smb_delete_user( username );
628 NTSTATUS pdb_delete_user(TALLOC_CTX *mem_ctx, struct samu *sam_acct)
630 struct pdb_methods *pdb = pdb_get_methods();
633 const struct dom_sid *user_sid;
636 user_sid = pdb_get_user_sid(sam_acct);
638 /* sanity check to make sure we don't delete root */
640 if ( !sid_to_uid(user_sid, &uid ) ) {
641 return NT_STATUS_NO_SUCH_USER;
645 return NT_STATUS_ACCESS_DENIED;
648 memcache_delete(NULL,
650 data_blob_const(user_sid, sizeof(*user_sid)));
652 status = pdb->delete_user(pdb, mem_ctx, sam_acct);
653 if (!NT_STATUS_IS_OK(status)) {
657 msg_data = talloc_asprintf(mem_ctx, "USER %s",
658 pdb_get_username(sam_acct));
660 /* not fatal, and too late to rollback,
664 messaging_send_all(global_messaging_context(),
667 strlen(msg_data) + 1);
669 TALLOC_FREE(msg_data);
673 NTSTATUS pdb_add_sam_account(struct samu *sam_acct)
675 struct pdb_methods *pdb = pdb_get_methods();
676 return pdb->add_sam_account(pdb, sam_acct);
679 NTSTATUS pdb_update_sam_account(struct samu *sam_acct)
681 struct pdb_methods *pdb = pdb_get_methods();
683 memcache_flush(NULL, PDB_GETPWSID_CACHE);
685 return pdb->update_sam_account(pdb, sam_acct);
688 NTSTATUS pdb_delete_sam_account(struct samu *sam_acct)
690 struct pdb_methods *pdb = pdb_get_methods();
691 const struct dom_sid *user_sid = pdb_get_user_sid(sam_acct);
693 memcache_delete(NULL,
695 data_blob_const(user_sid, sizeof(*user_sid)));
697 return pdb->delete_sam_account(pdb, sam_acct);
700 NTSTATUS pdb_rename_sam_account(struct samu *oldname, const char *newname)
702 struct pdb_methods *pdb = pdb_get_methods();
706 memcache_flush(NULL, PDB_GETPWSID_CACHE);
708 /* sanity check to make sure we don't rename root */
710 if ( !sid_to_uid( pdb_get_user_sid(oldname), &uid ) ) {
711 return NT_STATUS_NO_SUCH_USER;
715 return NT_STATUS_ACCESS_DENIED;
718 status = pdb->rename_sam_account(pdb, oldname, newname);
720 /* always flush the cache here just to be safe */
726 NTSTATUS pdb_update_login_attempts(struct samu *sam_acct, bool success)
728 struct pdb_methods *pdb = pdb_get_methods();
729 return pdb->update_login_attempts(pdb, sam_acct, success);
732 bool pdb_getgrsid(GROUP_MAP *map, struct dom_sid sid)
734 struct pdb_methods *pdb = pdb_get_methods();
735 return NT_STATUS_IS_OK(pdb->getgrsid(pdb, map, sid));
738 bool pdb_getgrgid(GROUP_MAP *map, gid_t gid)
740 struct pdb_methods *pdb = pdb_get_methods();
741 return NT_STATUS_IS_OK(pdb->getgrgid(pdb, map, gid));
744 bool pdb_getgrnam(GROUP_MAP *map, const char *name)
746 struct pdb_methods *pdb = pdb_get_methods();
747 return NT_STATUS_IS_OK(pdb->getgrnam(pdb, map, name));
750 static NTSTATUS pdb_default_create_dom_group(struct pdb_methods *methods,
755 struct dom_sid group_sid;
757 struct dom_sid_buf tmp;
759 grp = getgrnam(name);
764 if (smb_create_group(name, &gid) != 0) {
765 return NT_STATUS_ACCESS_DENIED;
772 return NT_STATUS_ACCESS_DENIED;
775 if (pdb_capabilities() & PDB_CAP_STORE_RIDS) {
776 if (!pdb_new_rid(rid)) {
777 return NT_STATUS_ACCESS_DENIED;
780 *rid = algorithmic_pdb_gid_to_group_rid( grp->gr_gid );
783 sid_compose(&group_sid, get_global_sam_sid(), *rid);
785 return add_initial_entry(
787 dom_sid_str_buf(&group_sid, &tmp),
793 NTSTATUS pdb_create_dom_group(TALLOC_CTX *mem_ctx, const char *name,
796 struct pdb_methods *pdb = pdb_get_methods();
797 return pdb->create_dom_group(pdb, mem_ctx, name, rid);
800 static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods,
804 struct dom_sid group_sid;
808 const char *grp_name;
810 map = talloc_zero(mem_ctx, GROUP_MAP);
812 return NT_STATUS_NO_MEMORY;
816 map->gid = (gid_t) -1;
818 sid_compose(&group_sid, get_global_sam_sid(), rid);
820 if (!get_domain_group_from_sid(group_sid, map)) {
821 DEBUG(10, ("Could not find group for rid %d\n", rid));
822 return NT_STATUS_NO_SUCH_GROUP;
825 /* We need the group name for the smb_delete_group later on */
827 if (map->gid == (gid_t)-1) {
828 return NT_STATUS_NO_SUCH_GROUP;
831 grp = getgrgid(map->gid);
833 return NT_STATUS_NO_SUCH_GROUP;
838 /* Copy the name, no idea what pdb_delete_group_mapping_entry does.. */
840 grp_name = talloc_strdup(mem_ctx, grp->gr_name);
841 if (grp_name == NULL) {
842 return NT_STATUS_NO_MEMORY;
845 status = pdb_delete_group_mapping_entry(group_sid);
847 if (!NT_STATUS_IS_OK(status)) {
851 /* Don't check the result of smb_delete_group */
853 smb_delete_group(grp_name);
858 NTSTATUS pdb_delete_dom_group(TALLOC_CTX *mem_ctx, uint32_t rid)
860 struct pdb_methods *pdb = pdb_get_methods();
861 return pdb->delete_dom_group(pdb, mem_ctx, rid);
864 NTSTATUS pdb_add_group_mapping_entry(GROUP_MAP *map)
866 struct pdb_methods *pdb = pdb_get_methods();
867 return pdb->add_group_mapping_entry(pdb, map);
870 NTSTATUS pdb_update_group_mapping_entry(GROUP_MAP *map)
872 struct pdb_methods *pdb = pdb_get_methods();
873 return pdb->update_group_mapping_entry(pdb, map);
876 NTSTATUS pdb_delete_group_mapping_entry(struct dom_sid sid)
878 struct pdb_methods *pdb = pdb_get_methods();
879 return pdb->delete_group_mapping_entry(pdb, sid);
882 bool pdb_enum_group_mapping(const struct dom_sid *sid,
883 enum lsa_SidType sid_name_use,
884 GROUP_MAP ***pp_rmap,
885 size_t *p_num_entries,
888 struct pdb_methods *pdb = pdb_get_methods();
889 return NT_STATUS_IS_OK(pdb-> enum_group_mapping(pdb, sid, sid_name_use,
890 pp_rmap, p_num_entries, unix_only));
893 NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx,
894 const struct dom_sid *sid,
895 uint32_t **pp_member_rids,
896 size_t *p_num_members)
898 struct pdb_methods *pdb = pdb_get_methods();
901 result = pdb->enum_group_members(pdb, mem_ctx,
902 sid, pp_member_rids, p_num_members);
904 /* special check for rid 513 */
906 if ( !NT_STATUS_IS_OK( result ) ) {
909 sid_peek_rid( sid, &rid );
911 if ( rid == DOMAIN_RID_USERS ) {
913 *pp_member_rids = NULL;
922 NTSTATUS pdb_enum_group_memberships(TALLOC_CTX *mem_ctx, struct samu *user,
923 struct dom_sid **pp_sids, gid_t **pp_gids,
924 uint32_t *p_num_groups)
926 struct pdb_methods *pdb = pdb_get_methods();
927 return pdb->enum_group_memberships(
929 pp_sids, pp_gids, p_num_groups);
932 static NTSTATUS pdb_default_set_unix_primary_group(struct pdb_methods *methods,
934 struct samu *sampass)
939 if (!sid_to_gid(pdb_get_group_sid(sampass), &gid) ||
940 (grp = getgrgid(gid)) == NULL) {
941 return NT_STATUS_INVALID_PRIMARY_GROUP;
944 if (smb_set_primary_group(grp->gr_name,
945 pdb_get_username(sampass)) != 0) {
946 return NT_STATUS_ACCESS_DENIED;
952 NTSTATUS pdb_set_unix_primary_group(TALLOC_CTX *mem_ctx, struct samu *user)
954 struct pdb_methods *pdb = pdb_get_methods();
955 return pdb->set_unix_primary_group(pdb, mem_ctx, user);
959 * Helper function to see whether a user is in a group. We can't use
960 * user_in_group_sid here because this creates dependencies only smbd can
964 static bool pdb_user_in_group(TALLOC_CTX *mem_ctx, struct samu *account,
965 const struct dom_sid *group_sid)
967 struct dom_sid *sids;
969 uint32_t i, num_groups;
971 if (!NT_STATUS_IS_OK(pdb_enum_group_memberships(mem_ctx, account,
977 for (i=0; i<num_groups; i++) {
978 if (dom_sid_equal(group_sid, &sids[i])) {
985 static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods,
990 struct dom_sid group_sid, member_sid;
991 struct samu *account = NULL;
995 const char *group_name;
998 map = talloc_zero(mem_ctx, GROUP_MAP);
1000 return NT_STATUS_NO_MEMORY;
1004 map->gid = (gid_t) -1;
1006 sid_compose(&group_sid, get_global_sam_sid(), group_rid);
1007 sid_compose(&member_sid, get_global_sam_sid(), member_rid);
1009 if (!get_domain_group_from_sid(group_sid, map) ||
1010 (map->gid == (gid_t)-1) ||
1011 ((grp = getgrgid(map->gid)) == NULL)) {
1012 return NT_STATUS_NO_SUCH_GROUP;
1017 group_name = talloc_strdup(mem_ctx, grp->gr_name);
1018 if (group_name == NULL) {
1019 return NT_STATUS_NO_MEMORY;
1022 if ( !(account = samu_new( NULL )) ) {
1023 return NT_STATUS_NO_MEMORY;
1026 if (!pdb_getsampwsid(account, &member_sid) ||
1027 !sid_to_uid(&member_sid, &uid) ||
1028 ((pwd = getpwuid_alloc(mem_ctx, uid)) == NULL)) {
1029 return NT_STATUS_NO_SUCH_USER;
1032 if (pdb_user_in_group(mem_ctx, account, &group_sid)) {
1033 return NT_STATUS_MEMBER_IN_GROUP;
1037 * ok, the group exist, the user exist, the user is not in the group,
1038 * we can (finally) add it to the group !
1041 smb_add_user_group(group_name, pwd->pw_name);
1043 if (!pdb_user_in_group(mem_ctx, account, &group_sid)) {
1044 return NT_STATUS_ACCESS_DENIED;
1047 return NT_STATUS_OK;
1050 NTSTATUS pdb_add_groupmem(TALLOC_CTX *mem_ctx, uint32_t group_rid,
1051 uint32_t member_rid)
1053 struct pdb_methods *pdb = pdb_get_methods();
1054 return pdb->add_groupmem(pdb, mem_ctx, group_rid, member_rid);
1057 static NTSTATUS pdb_default_del_groupmem(struct pdb_methods *methods,
1058 TALLOC_CTX *mem_ctx,
1060 uint32_t member_rid)
1062 struct dom_sid group_sid, member_sid;
1063 struct samu *account = NULL;
1067 const char *group_name;
1070 map = talloc_zero(mem_ctx, GROUP_MAP);
1072 return NT_STATUS_NO_MEMORY;
1075 sid_compose(&group_sid, get_global_sam_sid(), group_rid);
1076 sid_compose(&member_sid, get_global_sam_sid(), member_rid);
1078 if (!get_domain_group_from_sid(group_sid, map) ||
1079 (map->gid == (gid_t)-1) ||
1080 ((grp = getgrgid(map->gid)) == NULL)) {
1081 return NT_STATUS_NO_SUCH_GROUP;
1086 group_name = talloc_strdup(mem_ctx, grp->gr_name);
1087 if (group_name == NULL) {
1088 return NT_STATUS_NO_MEMORY;
1091 if ( !(account = samu_new( NULL )) ) {
1092 return NT_STATUS_NO_MEMORY;
1095 if (!pdb_getsampwsid(account, &member_sid) ||
1096 !sid_to_uid(&member_sid, &uid) ||
1097 ((pwd = getpwuid_alloc(mem_ctx, uid)) == NULL)) {
1098 return NT_STATUS_NO_SUCH_USER;
1101 if (!pdb_user_in_group(mem_ctx, account, &group_sid)) {
1102 return NT_STATUS_MEMBER_NOT_IN_GROUP;
1106 * ok, the group exist, the user exist, the user is in the group,
1107 * we can (finally) delete it from the group!
1110 smb_delete_user_group(group_name, pwd->pw_name);
1112 if (pdb_user_in_group(mem_ctx, account, &group_sid)) {
1113 return NT_STATUS_ACCESS_DENIED;
1116 return NT_STATUS_OK;
1119 NTSTATUS pdb_del_groupmem(TALLOC_CTX *mem_ctx, uint32_t group_rid,
1120 uint32_t member_rid)
1122 struct pdb_methods *pdb = pdb_get_methods();
1123 return pdb->del_groupmem(pdb, mem_ctx, group_rid, member_rid);
1126 NTSTATUS pdb_create_alias(const char *name, uint32_t *rid)
1128 struct pdb_methods *pdb = pdb_get_methods();
1129 return pdb->create_alias(pdb, name, rid);
1132 NTSTATUS pdb_delete_alias(const struct dom_sid *sid)
1134 struct pdb_methods *pdb = pdb_get_methods();
1135 return pdb->delete_alias(pdb, sid);
1138 NTSTATUS pdb_get_aliasinfo(const struct dom_sid *sid, struct acct_info *info)
1140 struct pdb_methods *pdb = pdb_get_methods();
1141 return pdb->get_aliasinfo(pdb, sid, info);
1144 NTSTATUS pdb_set_aliasinfo(const struct dom_sid *sid, struct acct_info *info)
1146 struct pdb_methods *pdb = pdb_get_methods();
1147 return pdb->set_aliasinfo(pdb, sid, info);
1150 NTSTATUS pdb_add_aliasmem(const struct dom_sid *alias, const struct dom_sid *member)
1152 struct pdb_methods *pdb = pdb_get_methods();
1153 return pdb->add_aliasmem(pdb, alias, member);
1156 NTSTATUS pdb_del_aliasmem(const struct dom_sid *alias, const struct dom_sid *member)
1158 struct pdb_methods *pdb = pdb_get_methods();
1159 return pdb->del_aliasmem(pdb, alias, member);
1162 NTSTATUS pdb_enum_aliasmem(const struct dom_sid *alias, TALLOC_CTX *mem_ctx,
1163 struct dom_sid **pp_members, size_t *p_num_members)
1165 struct pdb_methods *pdb = pdb_get_methods();
1166 return pdb->enum_aliasmem(pdb, alias, mem_ctx, pp_members,
1170 NTSTATUS pdb_enum_alias_memberships(TALLOC_CTX *mem_ctx,
1171 const struct dom_sid *domain_sid,
1172 const struct dom_sid *members, size_t num_members,
1173 uint32_t **pp_alias_rids,
1174 size_t *p_num_alias_rids)
1176 struct pdb_methods *pdb = pdb_get_methods();
1177 return pdb->enum_alias_memberships(pdb, mem_ctx,
1179 members, num_members,
1184 NTSTATUS pdb_lookup_rids(const struct dom_sid *domain_sid,
1188 enum lsa_SidType *attrs)
1190 struct pdb_methods *pdb = pdb_get_methods();
1191 return pdb->lookup_rids(pdb, domain_sid, num_rids, rids, names, attrs);
1194 bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value)
1196 struct pdb_methods *pdb = pdb_get_methods();
1200 status = pdb->get_account_policy(pdb, type, value);
1203 return NT_STATUS_IS_OK(status);
1206 bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value)
1208 struct pdb_methods *pdb = pdb_get_methods();
1212 status = pdb->set_account_policy(pdb, type, value);
1215 return NT_STATUS_IS_OK(status);
1218 bool pdb_get_seq_num(time_t *seq_num)
1220 struct pdb_methods *pdb = pdb_get_methods();
1221 return NT_STATUS_IS_OK(pdb->get_seq_num(pdb, seq_num));
1225 * Instead of passing down a gid or uid, this function sends down a pointer
1228 * This acts as an in-out variable so that the idmap functions can correctly
1229 * receive ID_TYPE_BOTH, filling in cache details correctly rather than forcing
1230 * the cache to store ID_TYPE_UID or ID_TYPE_GID.
1232 bool pdb_id_to_sid(struct unixid *id, struct dom_sid *sid)
1234 struct pdb_methods *pdb = pdb_get_methods();
1237 ret = pdb->id_to_sid(pdb, id, sid);
1240 idmap_cache_set_sid2unixid(sid, id);
1246 bool pdb_sid_to_id(const struct dom_sid *sid, struct unixid *id)
1248 struct pdb_methods *pdb = pdb_get_methods();
1251 /* only ask the backend if it is responsible */
1252 if (!sid_check_object_is_for_passdb(sid)) {
1256 ret = pdb->sid_to_id(pdb, sid, id);
1259 idmap_cache_set_sid2unixid(sid, id);
1265 uint32_t pdb_capabilities(void)
1267 struct pdb_methods *pdb = pdb_get_methods();
1268 return pdb->capabilities(pdb);
1271 /********************************************************************
1272 Allocate a new RID from the passdb backend. Verify that it is free
1273 by calling lookup_global_sam_rid() to verify that the RID is not
1274 in use. This handles servers that have existing users or groups
1275 with add RIDs (assigned from previous algorithmic mappings)
1276 ********************************************************************/
1278 bool pdb_new_rid(uint32_t *rid)
1280 struct pdb_methods *pdb = pdb_get_methods();
1281 const char *name = NULL;
1282 enum lsa_SidType type;
1283 uint32_t allocated_rid = 0;
1287 if ((pdb_capabilities() & PDB_CAP_STORE_RIDS) == 0) {
1288 DEBUG(0, ("Trying to allocate a RID when algorithmic RIDs "
1293 if (algorithmic_rid_base() != BASE_RID) {
1294 DEBUG(0, ("'algorithmic rid base' is set but a passdb backend "
1295 "without algorithmic RIDs is chosen.\n"));
1296 DEBUGADD(0, ("Please map all used groups using 'net groupmap "
1297 "add', set the maximum used RID\n"));
1298 DEBUGADD(0, ("and remove the parameter\n"));
1302 if ( (ctx = talloc_init("pdb_new_rid")) == NULL ) {
1303 DEBUG(0,("pdb_new_rid: Talloc initialization failure\n"));
1307 /* Attempt to get an unused RID (max tires is 250...yes that it is
1308 and arbitrary number I pulkled out of my head). -- jerry */
1310 for ( i=0; allocated_rid==0 && i<250; i++ ) {
1313 if ( !pdb->new_rid(pdb, &allocated_rid) ) {
1317 /* validate that the RID is not in use */
1319 if (lookup_global_sam_rid(ctx, allocated_rid, &name, &type, NULL, NULL)) {
1326 if ( allocated_rid == 0 ) {
1327 DEBUG(0,("pdb_new_rid: Failed to find unused RID\n"));
1331 *rid = allocated_rid;
1336 /***************************************************************
1337 Initialize the static context (at smbd startup etc).
1339 If uninitialised, context will auto-init on first use.
1340 ***************************************************************/
1342 bool initialize_password_db(bool reload, struct tevent_context *tevent_ctx)
1345 pdb_tevent_ctx = tevent_ctx;
1347 return (pdb_get_methods_reload(reload) != NULL);
1350 /***************************************************************************
1351 Default implementations of some functions.
1352 ****************************************************************************/
1354 static NTSTATUS pdb_default_getsampwnam (struct pdb_methods *methods, struct samu *user, const char *sname)
1356 return NT_STATUS_NO_SUCH_USER;
1359 static NTSTATUS pdb_default_getsampwsid(struct pdb_methods *my_methods, struct samu * user, const struct dom_sid *sid)
1361 return NT_STATUS_NO_SUCH_USER;
1364 static NTSTATUS pdb_default_add_sam_account (struct pdb_methods *methods, struct samu *newpwd)
1366 return NT_STATUS_NOT_IMPLEMENTED;
1369 static NTSTATUS pdb_default_update_sam_account (struct pdb_methods *methods, struct samu *newpwd)
1371 return NT_STATUS_NOT_IMPLEMENTED;
1374 static NTSTATUS pdb_default_delete_sam_account (struct pdb_methods *methods, struct samu *pwd)
1376 return NT_STATUS_NOT_IMPLEMENTED;
1379 static NTSTATUS pdb_default_rename_sam_account (struct pdb_methods *methods, struct samu *pwd, const char *newname)
1381 return NT_STATUS_NOT_IMPLEMENTED;
1384 static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods, struct samu *newpwd, bool success)
1386 /* Only the pdb_nds backend implements this, by
1387 * default just return ok. */
1388 return NT_STATUS_OK;
1391 static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t *value)
1393 return account_policy_get(type, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1396 static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t value)
1398 return account_policy_set(type, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
1401 static NTSTATUS pdb_default_get_seq_num(struct pdb_methods *methods, time_t *seq_num)
1403 *seq_num = time(NULL);
1404 return NT_STATUS_OK;
1407 static bool pdb_default_uid_to_sid(struct pdb_methods *methods, uid_t uid,
1408 struct dom_sid *sid)
1410 struct samu *sampw = NULL;
1411 struct passwd *unix_pw;
1412 fstring pw_name = { 0 };
1415 unix_pw = getpwuid( uid );
1418 DEBUG(4,("pdb_default_uid_to_sid: host has no idea of uid "
1419 "%lu\n", (unsigned long)uid));
1423 if (unix_pw->pw_name == NULL) {
1424 DBG_DEBUG("No pw_name for uid %d\n", (int)uid);
1429 * Make a copy, "unix_pw" might go away soon.
1431 fstrcpy(pw_name, unix_pw->pw_name);
1433 if ( !(sampw = samu_new( NULL )) ) {
1434 DEBUG(0,("pdb_default_uid_to_sid: samu_new() failed!\n"));
1439 ret = NT_STATUS_IS_OK(methods->getsampwnam(methods, sampw, pw_name));
1443 DEBUG(5, ("pdb_default_uid_to_sid: Did not find user "
1444 "%s (%u)\n", unix_pw->pw_name, (unsigned int)uid));
1449 sid_copy(sid, pdb_get_user_sid(sampw));
1456 static bool pdb_default_gid_to_sid(struct pdb_methods *methods, gid_t gid,
1457 struct dom_sid *sid)
1461 map = talloc_zero(NULL, GROUP_MAP);
1466 if (!NT_STATUS_IS_OK(methods->getgrgid(methods, map, gid))) {
1471 sid_copy(sid, &map->sid);
1476 static bool pdb_default_id_to_sid(struct pdb_methods *methods, struct unixid *id,
1477 struct dom_sid *sid)
1481 return pdb_default_uid_to_sid(methods, id->id, sid);
1484 return pdb_default_gid_to_sid(methods, id->id, sid);
1491 * The "Unix User" and "Unix Group" domains have a special
1492 * id mapping that is a rid-algorithm with range starting at 0.
1494 bool pdb_sid_to_id_unix_users_and_groups(const struct dom_sid *sid,
1501 if (sid_peek_check_rid(&global_sid_Unix_Users, sid, &rid)) {
1503 id->type = ID_TYPE_UID;
1507 if (sid_peek_check_rid(&global_sid_Unix_Groups, sid, &rid)) {
1509 id->type = ID_TYPE_GID;
1516 static bool pdb_default_sid_to_id(struct pdb_methods *methods,
1517 const struct dom_sid *sid,
1520 TALLOC_CTX *mem_ctx;
1523 struct dom_sid_buf buf;
1527 mem_ctx = talloc_new(NULL);
1529 if (mem_ctx == NULL) {
1530 DEBUG(0, ("talloc_new failed\n"));
1534 if (sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) {
1536 enum lsa_SidType type;
1537 uid_t uid = (uid_t)-1;
1538 gid_t gid = (gid_t)-1;
1539 /* Here we might have users as well as groups and aliases */
1540 ret = lookup_global_sam_rid(mem_ctx, rid, &name, &type, &uid, &gid);
1543 case SID_NAME_DOM_GRP:
1544 case SID_NAME_ALIAS:
1545 id->type = ID_TYPE_GID;
1549 id->type = ID_TYPE_UID;
1553 DEBUG(5, ("SID %s belongs to our domain, and "
1554 "an object exists in the database, "
1555 "but it is neither a user nor a "
1556 "group (got type %d).\n",
1557 dom_sid_str_buf(sid, &buf),
1562 DEBUG(5, ("SID %s belongs to our domain, but there is "
1563 "no corresponding object in the database.\n",
1564 dom_sid_str_buf(sid, &buf)));
1570 * "Unix User" and "Unix Group"
1572 ret = pdb_sid_to_id_unix_users_and_groups(sid, id);
1579 if (sid_check_is_in_builtin(sid) ||
1580 sid_check_is_in_wellknown_domain(sid)) {
1581 /* Here we only have aliases */
1584 map = talloc_zero(mem_ctx, GROUP_MAP);
1590 if (!NT_STATUS_IS_OK(methods->getgrsid(methods, map, *sid))) {
1591 DEBUG(10, ("Could not find map for sid %s\n",
1592 dom_sid_str_buf(sid, &buf)));
1595 if ((map->sid_name_use != SID_NAME_ALIAS) &&
1596 (map->sid_name_use != SID_NAME_WKN_GRP)) {
1597 DEBUG(10, ("Map for sid %s is a %s, expected an "
1599 dom_sid_str_buf(sid, &buf),
1600 sid_type_lookup(map->sid_name_use)));
1605 id->type = ID_TYPE_GID;
1610 DEBUG(5, ("Sid %s is neither ours, a Unix SID, nor builtin\n",
1611 dom_sid_str_buf(sid, &buf)));
1615 TALLOC_FREE(mem_ctx);
1619 static bool get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, uint32_t *p_num)
1630 /* We only look at our own sam, so don't care about imported stuff */
1631 winbind_env = winbind_env_set();
1632 (void)winbind_off();
1634 if ((grp = getgrgid(gid)) == NULL) {
1635 /* allow winbindd lookups, but only if they weren't already disabled */
1639 /* Primary group members */
1641 while ((pwd = getpwent()) != NULL) {
1642 if (pwd->pw_gid == gid) {
1643 if (!add_uid_to_array_unique(mem_ctx, pwd->pw_uid,
1651 /* Secondary group members */
1652 for (gr = grp->gr_mem; (*gr != NULL) && ((*gr)[0] != '\0'); gr += 1) {
1653 struct passwd *pw = getpwnam(*gr);
1657 if (!add_uid_to_array_unique(mem_ctx, pw->pw_uid, pp_uids, p_num)) {
1666 /* allow winbindd lookups, but only if they weren't already disabled */
1674 static NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods,
1675 TALLOC_CTX *mem_ctx,
1676 const struct dom_sid *group,
1677 uint32_t **pp_member_rids,
1678 size_t *p_num_members)
1682 uint32_t i, num_uids;
1684 *pp_member_rids = NULL;
1687 if (!sid_to_gid(group, &gid))
1688 return NT_STATUS_NO_SUCH_GROUP;
1690 if(!get_memberuids(mem_ctx, gid, &uids, &num_uids))
1691 return NT_STATUS_NO_SUCH_GROUP;
1694 return NT_STATUS_OK;
1696 *pp_member_rids = talloc_zero_array(mem_ctx, uint32_t, num_uids);
1698 for (i=0; i<num_uids; i++) {
1701 uid_to_sid(&sid, uids[i]);
1703 if (!sid_check_is_in_our_sam(&sid)) {
1704 DEBUG(5, ("Inconsistent SAM -- group member uid not "
1705 "in our domain\n"));
1709 sid_peek_rid(&sid, &(*pp_member_rids)[*p_num_members]);
1710 *p_num_members += 1;
1713 return NT_STATUS_OK;
1716 static NTSTATUS pdb_default_enum_group_memberships(struct pdb_methods *methods,
1717 TALLOC_CTX *mem_ctx,
1719 struct dom_sid **pp_sids,
1721 uint32_t *p_num_groups)
1726 const char *username = pdb_get_username(user);
1729 /* Ignore the primary group SID. Honor the real Unix primary group.
1730 The primary group SID is only of real use to Windows clients */
1732 if ( !(pw = Get_Pwnam_alloc(mem_ctx, username)) ) {
1733 return NT_STATUS_NO_SUCH_USER;
1740 if (!getgroups_unix_user(mem_ctx, username, gid, pp_gids, p_num_groups)) {
1741 return NT_STATUS_NO_SUCH_USER;
1744 if (*p_num_groups == 0) {
1745 smb_panic("primary group missing");
1748 *pp_sids = talloc_array(mem_ctx, struct dom_sid, *p_num_groups);
1750 if (*pp_sids == NULL) {
1751 TALLOC_FREE(*pp_gids);
1752 return NT_STATUS_NO_MEMORY;
1755 for (i=0; i<*p_num_groups; i++) {
1756 gid_to_sid(&(*pp_sids)[i], (*pp_gids)[i]);
1759 return NT_STATUS_OK;
1762 /*******************************************************************
1763 Look up a rid in the SAM we're responsible for (i.e. passdb)
1764 ********************************************************************/
1766 static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32_t rid,
1768 enum lsa_SidType *psid_name_use,
1769 uid_t *uid, gid_t *gid)
1771 struct samu *sam_account = NULL;
1772 GROUP_MAP *map = NULL;
1776 *psid_name_use = SID_NAME_UNKNOWN;
1778 DEBUG(5,("lookup_global_sam_rid: looking up RID %u.\n",
1779 (unsigned int)rid));
1781 sid_compose(&sid, get_global_sam_sid(), rid);
1783 /* see if the passdb can help us with the name of the user */
1785 if ( !(sam_account = samu_new( NULL )) ) {
1789 map = talloc_zero(mem_ctx, GROUP_MAP);
1794 /* BEING ROOT BLOCK */
1796 ret = pdb_getsampwsid(sam_account, &sid);
1798 TALLOC_FREE(sam_account);
1799 ret = pdb_getgrsid(map, sid);
1802 /* END BECOME_ROOT BLOCK */
1804 if (sam_account || !ret) {
1811 *name = talloc_strdup(mem_ctx, pdb_get_username(sam_account));
1813 TALLOC_FREE(sam_account);
1817 *psid_name_use = SID_NAME_USER;
1819 TALLOC_FREE(sam_account);
1825 pw = Get_Pwnam_alloc(talloc_tos(), *name);
1833 } else if (map && (map->gid != (gid_t)-1)) {
1835 /* do not resolve SIDs to a name unless there is a valid
1836 gid associated with it */
1838 *name = talloc_steal(mem_ctx, map->nt_name);
1839 *psid_name_use = map->sid_name_use;
1851 /* Windows will always map RID 513 to something. On a non-domain
1852 controller, this gets mapped to SERVER\None. */
1855 DEBUG(5, ("Can't find a unix id for an unmapped group\n"));
1859 if ( rid == DOMAIN_RID_USERS ) {
1860 *name = talloc_strdup(mem_ctx, "None" );
1861 *psid_name_use = SID_NAME_DOM_GRP;
1869 static NTSTATUS pdb_default_lookup_rids(struct pdb_methods *methods,
1870 const struct dom_sid *domain_sid,
1874 enum lsa_SidType *attrs)
1878 bool have_mapped = False;
1879 bool have_unmapped = False;
1881 if (sid_check_is_builtin(domain_sid)) {
1883 for (i=0; i<num_rids; i++) {
1886 if (lookup_builtin_rid(names, rids[i], &name)) {
1887 attrs[i] = SID_NAME_ALIAS;
1889 DEBUG(5,("lookup_rids: %s:%d\n",
1890 names[i], attrs[i]));
1893 have_unmapped = True;
1894 attrs[i] = SID_NAME_UNKNOWN;
1900 /* Should not happen, but better check once too many */
1901 if (!sid_check_is_our_sam(domain_sid)) {
1902 return NT_STATUS_INVALID_HANDLE;
1905 for (i = 0; i < num_rids; i++) {
1908 if (lookup_global_sam_rid(names, rids[i], &name, &attrs[i],
1911 return NT_STATUS_NO_MEMORY;
1914 DEBUG(5,("lookup_rids: %s:%d\n", names[i], attrs[i]));
1917 have_unmapped = True;
1918 attrs[i] = SID_NAME_UNKNOWN;
1924 result = NT_STATUS_NONE_MAPPED;
1927 result = have_unmapped ? STATUS_SOME_UNMAPPED : NT_STATUS_OK;
1932 static int pdb_search_destructor(struct pdb_search *search)
1934 if ((!search->search_ended) && (search->search_end != NULL)) {
1935 search->search_end(search);
1940 struct pdb_search *pdb_search_init(TALLOC_CTX *mem_ctx,
1941 enum pdb_search_type type)
1943 struct pdb_search *result;
1945 result = talloc(mem_ctx, struct pdb_search);
1946 if (result == NULL) {
1947 DEBUG(0, ("talloc failed\n"));
1951 result->type = type;
1952 result->cache = NULL;
1953 result->num_entries = 0;
1954 result->cache_size = 0;
1955 result->search_ended = False;
1956 result->search_end = NULL;
1958 /* Segfault appropriately if not initialized */
1959 result->next_entry = NULL;
1960 result->search_end = NULL;
1962 talloc_set_destructor(result, pdb_search_destructor);
1967 static void fill_displayentry(TALLOC_CTX *mem_ctx, uint32_t rid,
1968 uint16_t acct_flags,
1969 const char *account_name,
1970 const char *fullname,
1971 const char *description,
1972 struct samr_displayentry *entry)
1975 entry->acct_flags = acct_flags;
1977 if (account_name != NULL)
1978 entry->account_name = talloc_strdup(mem_ctx, account_name);
1980 entry->account_name = "";
1982 if (fullname != NULL)
1983 entry->fullname = talloc_strdup(mem_ctx, fullname);
1985 entry->fullname = "";
1987 if (description != NULL)
1988 entry->description = talloc_strdup(mem_ctx, description);
1990 entry->description = "";
1993 struct group_search {
1995 size_t num_groups, current_group;
1998 static bool next_entry_groups(struct pdb_search *s,
1999 struct samr_displayentry *entry)
2001 struct group_search *state = (struct group_search *)s->private_data;
2005 if (state->current_group == state->num_groups)
2008 map = state->groups[state->current_group];
2010 sid_peek_rid(&map->sid, &rid);
2012 fill_displayentry(s, rid, 0, map->nt_name, NULL, map->comment, entry);
2014 state->current_group += 1;
2018 static void search_end_groups(struct pdb_search *search)
2020 struct group_search *state =
2021 (struct group_search *)search->private_data;
2022 TALLOC_FREE(state->groups);
2025 static bool pdb_search_grouptype(struct pdb_methods *methods,
2026 struct pdb_search *search,
2027 const struct dom_sid *sid, enum lsa_SidType type)
2029 struct group_search *state;
2031 state = talloc_zero(search, struct group_search);
2032 if (state == NULL) {
2033 DEBUG(0, ("talloc failed\n"));
2037 if (!NT_STATUS_IS_OK(methods->enum_group_mapping(methods, sid, type,
2038 &state->groups, &state->num_groups,
2040 DEBUG(0, ("Could not enum groups\n"));
2044 state->current_group = 0;
2045 search->private_data = state;
2046 search->next_entry = next_entry_groups;
2047 search->search_end = search_end_groups;
2051 static bool pdb_default_search_groups(struct pdb_methods *methods,
2052 struct pdb_search *search)
2054 return pdb_search_grouptype(methods, search, get_global_sam_sid(), SID_NAME_DOM_GRP);
2057 static bool pdb_default_search_aliases(struct pdb_methods *methods,
2058 struct pdb_search *search,
2059 const struct dom_sid *sid)
2062 return pdb_search_grouptype(methods, search, sid, SID_NAME_ALIAS);
2065 static struct samr_displayentry *pdb_search_getentry(struct pdb_search *search,
2068 if (idx < search->num_entries)
2069 return &search->cache[idx];
2071 if (search->search_ended)
2074 while (idx >= search->num_entries) {
2075 struct samr_displayentry entry;
2077 if (!search->next_entry(search, &entry)) {
2078 search->search_end(search);
2079 search->search_ended = True;
2083 ADD_TO_LARGE_ARRAY(search, struct samr_displayentry,
2084 entry, &search->cache, &search->num_entries,
2085 &search->cache_size);
2088 return (search->num_entries > idx) ? &search->cache[idx] : NULL;
2091 struct pdb_search *pdb_search_users(TALLOC_CTX *mem_ctx, uint32_t acct_flags)
2093 struct pdb_methods *pdb = pdb_get_methods();
2094 struct pdb_search *result;
2096 result = pdb_search_init(mem_ctx, PDB_USER_SEARCH);
2097 if (result == NULL) {
2101 if (!pdb->search_users(pdb, result, acct_flags)) {
2102 TALLOC_FREE(result);
2108 struct pdb_search *pdb_search_groups(TALLOC_CTX *mem_ctx)
2110 struct pdb_methods *pdb = pdb_get_methods();
2111 struct pdb_search *result;
2113 result = pdb_search_init(mem_ctx, PDB_GROUP_SEARCH);
2114 if (result == NULL) {
2118 if (!pdb->search_groups(pdb, result)) {
2119 TALLOC_FREE(result);
2125 struct pdb_search *pdb_search_aliases(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
2127 struct pdb_methods *pdb = pdb_get_methods();
2128 struct pdb_search *result;
2130 if (pdb == NULL) return NULL;
2132 result = pdb_search_init(mem_ctx, PDB_ALIAS_SEARCH);
2133 if (result == NULL) {
2137 if (!pdb->search_aliases(pdb, result, sid)) {
2138 TALLOC_FREE(result);
2144 uint32_t pdb_search_entries(struct pdb_search *search,
2145 uint32_t start_idx, uint32_t max_entries,
2146 struct samr_displayentry **result)
2148 struct samr_displayentry *end_entry;
2149 uint32_t end_idx = start_idx+max_entries-1;
2151 /* The first entry needs to be searched after the last. Otherwise the
2152 * first entry might have moved due to a realloc during the search for
2153 * the last entry. */
2155 end_entry = pdb_search_getentry(search, end_idx);
2156 *result = pdb_search_getentry(search, start_idx);
2158 if (end_entry != NULL)
2161 if (start_idx >= search->num_entries)
2164 return search->num_entries - start_idx;
2167 /*******************************************************************
2169 *******************************************************************/
2171 bool pdb_get_trusteddom_pw(const char *domain, char** pwd, struct dom_sid *sid,
2172 time_t *pass_last_set_time)
2174 struct pdb_methods *pdb = pdb_get_methods();
2175 return pdb->get_trusteddom_pw(pdb, domain, pwd, sid,
2176 pass_last_set_time);
2179 NTSTATUS pdb_get_trusteddom_creds(const char *domain, TALLOC_CTX *mem_ctx,
2180 struct cli_credentials **creds)
2182 struct pdb_methods *pdb = pdb_get_methods();
2183 return pdb->get_trusteddom_creds(pdb, domain, mem_ctx, creds);
2186 bool pdb_set_trusteddom_pw(const char* domain, const char* pwd,
2187 const struct dom_sid *sid)
2189 struct pdb_methods *pdb = pdb_get_methods();
2190 return pdb->set_trusteddom_pw(pdb, domain, pwd, sid);
2193 bool pdb_del_trusteddom_pw(const char *domain)
2195 struct pdb_methods *pdb = pdb_get_methods();
2196 return pdb->del_trusteddom_pw(pdb, domain);
2199 NTSTATUS pdb_enum_trusteddoms(TALLOC_CTX *mem_ctx, uint32_t *num_domains,
2200 struct trustdom_info ***domains)
2202 struct pdb_methods *pdb = pdb_get_methods();
2203 return pdb->enum_trusteddoms(pdb, mem_ctx, num_domains, domains);
2206 /*******************************************************************
2207 the defaults for trustdom methods:
2208 these simply call the original passdb/secrets.c actions,
2209 to be replaced by pdb_ldap.
2210 *******************************************************************/
2212 static bool pdb_default_get_trusteddom_pw(struct pdb_methods *methods,
2215 struct dom_sid *sid,
2216 time_t *pass_last_set_time)
2218 return secrets_fetch_trusted_domain_password(domain, pwd,
2219 sid, pass_last_set_time);
2223 static NTSTATUS pdb_default_get_trusteddom_creds(struct pdb_methods *methods,
2225 TALLOC_CTX *mem_ctx,
2226 struct cli_credentials **creds)
2229 return NT_STATUS_NOT_IMPLEMENTED;
2232 static bool pdb_default_set_trusteddom_pw(struct pdb_methods *methods,
2235 const struct dom_sid *sid)
2237 return secrets_store_trusted_domain_password(domain, pwd, sid);
2240 static bool pdb_default_del_trusteddom_pw(struct pdb_methods *methods,
2243 return trusted_domain_password_delete(domain);
2246 static NTSTATUS pdb_default_enum_trusteddoms(struct pdb_methods *methods,
2247 TALLOC_CTX *mem_ctx,
2248 uint32_t *num_domains,
2249 struct trustdom_info ***domains)
2251 return secrets_trusted_domains(mem_ctx, num_domains, domains);
2254 /*******************************************************************
2255 trusted_domain methods
2256 *******************************************************************/
2258 NTSTATUS pdb_get_trusted_domain(TALLOC_CTX *mem_ctx, const char *domain,
2259 struct pdb_trusted_domain **td)
2261 struct pdb_methods *pdb = pdb_get_methods();
2262 return pdb->get_trusted_domain(pdb, mem_ctx, domain, td);
2265 NTSTATUS pdb_get_trusted_domain_by_sid(TALLOC_CTX *mem_ctx, struct dom_sid *sid,
2266 struct pdb_trusted_domain **td)
2268 struct pdb_methods *pdb = pdb_get_methods();
2269 return pdb->get_trusted_domain_by_sid(pdb, mem_ctx, sid, td);
2272 NTSTATUS pdb_set_trusted_domain(const char* domain,
2273 const struct pdb_trusted_domain *td)
2275 struct pdb_methods *pdb = pdb_get_methods();
2276 return pdb->set_trusted_domain(pdb, domain, td);
2279 NTSTATUS pdb_del_trusted_domain(const char *domain)
2281 struct pdb_methods *pdb = pdb_get_methods();
2282 return pdb->del_trusted_domain(pdb, domain);
2285 NTSTATUS pdb_enum_trusted_domains(TALLOC_CTX *mem_ctx, uint32_t *num_domains,
2286 struct pdb_trusted_domain ***domains)
2288 struct pdb_methods *pdb = pdb_get_methods();
2289 return pdb->enum_trusted_domains(pdb, mem_ctx, num_domains, domains);
2292 static NTSTATUS pdb_default_get_trusted_domain(struct pdb_methods *methods,
2293 TALLOC_CTX *mem_ctx,
2295 struct pdb_trusted_domain **td)
2297 struct trustAuthInOutBlob taiob;
2298 struct AuthenticationInformation aia;
2299 struct pdb_trusted_domain *tdom;
2300 enum ndr_err_code ndr_err;
2301 time_t last_set_time;
2305 tdom = talloc(mem_ctx, struct pdb_trusted_domain);
2307 return NT_STATUS_NO_MEMORY;
2310 tdom->domain_name = talloc_strdup(tdom, domain);
2311 tdom->netbios_name = talloc_strdup(tdom, domain);
2312 if (!tdom->domain_name || !tdom->netbios_name) {
2314 return NT_STATUS_NO_MEMORY;
2317 tdom->trust_auth_incoming = data_blob_null;
2319 ok = pdb_get_trusteddom_pw(domain, &pwd, &tdom->security_identifier,
2323 return NT_STATUS_UNSUCCESSFUL;
2329 taiob.current.count = 1;
2330 taiob.current.array = &aia;
2331 unix_to_nt_time(&aia.LastUpdateTime, last_set_time);
2333 aia.AuthType = TRUST_AUTH_TYPE_CLEAR;
2334 aia.AuthInfo.clear.size = strlen(pwd);
2335 aia.AuthInfo.clear.password = (uint8_t *)talloc_memdup(tdom, pwd,
2336 aia.AuthInfo.clear.size);
2338 if (aia.AuthInfo.clear.password == NULL) {
2340 return NT_STATUS_NO_MEMORY;
2343 taiob.previous.count = 0;
2344 taiob.previous.array = NULL;
2346 ndr_err = ndr_push_struct_blob(&tdom->trust_auth_outgoing,
2348 (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
2349 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2351 return NT_STATUS_UNSUCCESSFUL;
2354 tdom->trust_direction = LSA_TRUST_DIRECTION_OUTBOUND;
2355 tdom->trust_type = LSA_TRUST_TYPE_DOWNLEVEL;
2356 tdom->trust_attributes = 0;
2357 tdom->trust_forest_trust_info = data_blob_null;
2360 return NT_STATUS_OK;
2363 static NTSTATUS pdb_default_get_trusted_domain_by_sid(struct pdb_methods *methods,
2364 TALLOC_CTX *mem_ctx,
2365 struct dom_sid *sid,
2366 struct pdb_trusted_domain **td)
2368 return NT_STATUS_NOT_IMPLEMENTED;
2371 #define IS_NULL_DATA_BLOB(d) ((d).data == NULL && (d).length == 0)
2373 static NTSTATUS pdb_default_set_trusted_domain(struct pdb_methods *methods,
2375 const struct pdb_trusted_domain *td)
2377 struct trustAuthInOutBlob taiob;
2378 struct AuthenticationInformation *aia;
2379 enum ndr_err_code ndr_err;
2383 if (td->trust_attributes != 0 ||
2384 td->trust_type != LSA_TRUST_TYPE_DOWNLEVEL ||
2385 td->trust_direction != LSA_TRUST_DIRECTION_OUTBOUND ||
2386 !IS_NULL_DATA_BLOB(td->trust_auth_incoming) ||
2387 !IS_NULL_DATA_BLOB(td->trust_forest_trust_info)) {
2388 return NT_STATUS_NOT_IMPLEMENTED;
2392 ndr_err = ndr_pull_struct_blob(&td->trust_auth_outgoing, talloc_tos(),
2394 (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob);
2395 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2396 return NT_STATUS_UNSUCCESSFUL;
2399 aia = (struct AuthenticationInformation *) taiob.current.array;
2401 if (taiob.count != 1 || taiob.current.count != 1 ||
2402 taiob.previous.count != 0 ||
2403 aia->AuthType != TRUST_AUTH_TYPE_CLEAR) {
2404 return NT_STATUS_NOT_IMPLEMENTED;
2407 pwd = talloc_strndup(talloc_tos(), (char *) aia->AuthInfo.clear.password,
2408 aia->AuthInfo.clear.size);
2410 return NT_STATUS_NO_MEMORY;
2413 ok = pdb_set_trusteddom_pw(domain, pwd, &td->security_identifier);
2415 return NT_STATUS_UNSUCCESSFUL;
2418 return NT_STATUS_OK;
2421 static NTSTATUS pdb_default_del_trusted_domain(struct pdb_methods *methods,
2424 return NT_STATUS_NOT_IMPLEMENTED;
2427 static NTSTATUS pdb_default_enum_trusted_domains(struct pdb_methods *methods,
2428 TALLOC_CTX *mem_ctx,
2429 uint32_t *num_domains,
2430 struct pdb_trusted_domain ***domains)
2432 return NT_STATUS_NOT_IMPLEMENTED;
2435 static struct pdb_domain_info *pdb_default_get_domain_info(
2436 struct pdb_methods *m, TALLOC_CTX *mem_ctx)
2441 /*****************************************************************
2443 *****************************************************************/
2444 static NTSTATUS pdb_default_enum_upn_suffixes(struct pdb_methods *pdb,
2445 TALLOC_CTX *mem_ctx,
2446 uint32_t *num_suffixes,
2449 return NT_STATUS_NOT_IMPLEMENTED;
2452 static NTSTATUS pdb_default_set_upn_suffixes(struct pdb_methods *pdb,
2453 uint32_t num_suffixes,
2454 const char **suffixes)
2456 return NT_STATUS_NOT_IMPLEMENTED;
2459 NTSTATUS pdb_enum_upn_suffixes(TALLOC_CTX *mem_ctx,
2460 uint32_t *num_suffixes,
2463 struct pdb_methods *pdb = pdb_get_methods();
2464 return pdb->enum_upn_suffixes(pdb, mem_ctx, num_suffixes, suffixes);
2467 NTSTATUS pdb_set_upn_suffixes(uint32_t num_suffixes,
2468 const char **suffixes)
2470 struct pdb_methods *pdb = pdb_get_methods();
2471 return pdb->set_upn_suffixes(pdb, num_suffixes, suffixes);
2474 /*******************************************************************
2475 idmap control methods
2476 *******************************************************************/
2477 static bool pdb_default_is_responsible_for_our_sam(
2478 struct pdb_methods *methods)
2483 static bool pdb_default_is_responsible_for_builtin(
2484 struct pdb_methods *methods)
2489 static bool pdb_default_is_responsible_for_wellknown(
2490 struct pdb_methods *methods)
2495 static bool pdb_default_is_responsible_for_unix_users(
2496 struct pdb_methods *methods)
2501 static bool pdb_default_is_responsible_for_unix_groups(
2502 struct pdb_methods *methods)
2507 static bool pdb_default_is_responsible_for_everything_else(
2508 struct pdb_methods *methods)
2513 bool pdb_is_responsible_for_our_sam(void)
2515 struct pdb_methods *pdb = pdb_get_methods();
2516 return pdb->is_responsible_for_our_sam(pdb);
2519 bool pdb_is_responsible_for_builtin(void)
2521 struct pdb_methods *pdb = pdb_get_methods();
2522 return pdb->is_responsible_for_builtin(pdb);
2525 bool pdb_is_responsible_for_wellknown(void)
2527 struct pdb_methods *pdb = pdb_get_methods();
2528 return pdb->is_responsible_for_wellknown(pdb);
2531 bool pdb_is_responsible_for_unix_users(void)
2533 struct pdb_methods *pdb = pdb_get_methods();
2534 return pdb->is_responsible_for_unix_users(pdb);
2537 bool pdb_is_responsible_for_unix_groups(void)
2539 struct pdb_methods *pdb = pdb_get_methods();
2540 return pdb->is_responsible_for_unix_groups(pdb);
2543 bool pdb_is_responsible_for_everything_else(void)
2545 struct pdb_methods *pdb = pdb_get_methods();
2546 return pdb->is_responsible_for_everything_else(pdb);
2549 /*******************************************************************
2551 *******************************************************************/
2553 NTSTATUS pdb_get_secret(TALLOC_CTX *mem_ctx,
2554 const char *secret_name,
2555 DATA_BLOB *secret_current,
2556 NTTIME *secret_current_lastchange,
2557 DATA_BLOB *secret_old,
2558 NTTIME *secret_old_lastchange,
2559 struct security_descriptor **sd)
2561 struct pdb_methods *pdb = pdb_get_methods();
2562 return pdb->get_secret(pdb, mem_ctx, secret_name,
2563 secret_current, secret_current_lastchange,
2564 secret_old, secret_old_lastchange,
2568 NTSTATUS pdb_set_secret(const char *secret_name,
2569 DATA_BLOB *secret_current,
2570 DATA_BLOB *secret_old,
2571 struct security_descriptor *sd)
2573 struct pdb_methods *pdb = pdb_get_methods();
2574 return pdb->set_secret(pdb, secret_name,
2580 NTSTATUS pdb_delete_secret(const char *secret_name)
2582 struct pdb_methods *pdb = pdb_get_methods();
2583 return pdb->delete_secret(pdb, secret_name);
2586 static NTSTATUS pdb_default_get_secret(struct pdb_methods *methods,
2587 TALLOC_CTX *mem_ctx,
2588 const char *secret_name,
2589 DATA_BLOB *secret_current,
2590 NTTIME *secret_current_lastchange,
2591 DATA_BLOB *secret_old,
2592 NTTIME *secret_old_lastchange,
2593 struct security_descriptor **sd)
2595 return lsa_secret_get(mem_ctx, secret_name,
2597 secret_current_lastchange,
2599 secret_old_lastchange,
2603 static NTSTATUS pdb_default_set_secret(struct pdb_methods *methods,
2604 const char *secret_name,
2605 DATA_BLOB *secret_current,
2606 DATA_BLOB *secret_old,
2607 struct security_descriptor *sd)
2609 return lsa_secret_set(secret_name,
2615 static NTSTATUS pdb_default_delete_secret(struct pdb_methods *methods,
2616 const char *secret_name)
2618 return lsa_secret_delete(secret_name);
2621 /*******************************************************************
2622 Create a pdb_methods structure and initialize it with the default
2623 operations. In this way a passdb module can simply implement
2624 the functionality it cares about. However, normally this is done
2625 in groups of related functions.
2626 *******************************************************************/
2628 NTSTATUS make_pdb_method( struct pdb_methods **methods )
2630 /* allocate memory for the structure as its own talloc CTX */
2632 *methods = talloc_zero(NULL, struct pdb_methods);
2633 if (*methods == NULL) {
2634 return NT_STATUS_NO_MEMORY;
2637 (*methods)->get_domain_info = pdb_default_get_domain_info;
2638 (*methods)->getsampwnam = pdb_default_getsampwnam;
2639 (*methods)->getsampwsid = pdb_default_getsampwsid;
2640 (*methods)->create_user = pdb_default_create_user;
2641 (*methods)->delete_user = pdb_default_delete_user;
2642 (*methods)->add_sam_account = pdb_default_add_sam_account;
2643 (*methods)->update_sam_account = pdb_default_update_sam_account;
2644 (*methods)->delete_sam_account = pdb_default_delete_sam_account;
2645 (*methods)->rename_sam_account = pdb_default_rename_sam_account;
2646 (*methods)->update_login_attempts = pdb_default_update_login_attempts;
2648 (*methods)->getgrsid = pdb_default_getgrsid;
2649 (*methods)->getgrgid = pdb_default_getgrgid;
2650 (*methods)->getgrnam = pdb_default_getgrnam;
2651 (*methods)->create_dom_group = pdb_default_create_dom_group;
2652 (*methods)->delete_dom_group = pdb_default_delete_dom_group;
2653 (*methods)->add_group_mapping_entry = pdb_default_add_group_mapping_entry;
2654 (*methods)->update_group_mapping_entry = pdb_default_update_group_mapping_entry;
2655 (*methods)->delete_group_mapping_entry = pdb_default_delete_group_mapping_entry;
2656 (*methods)->enum_group_mapping = pdb_default_enum_group_mapping;
2657 (*methods)->enum_group_members = pdb_default_enum_group_members;
2658 (*methods)->enum_group_memberships = pdb_default_enum_group_memberships;
2659 (*methods)->set_unix_primary_group = pdb_default_set_unix_primary_group;
2660 (*methods)->add_groupmem = pdb_default_add_groupmem;
2661 (*methods)->del_groupmem = pdb_default_del_groupmem;
2662 (*methods)->create_alias = pdb_default_create_alias;
2663 (*methods)->delete_alias = pdb_default_delete_alias;
2664 (*methods)->get_aliasinfo = pdb_default_get_aliasinfo;
2665 (*methods)->set_aliasinfo = pdb_default_set_aliasinfo;
2666 (*methods)->add_aliasmem = pdb_default_add_aliasmem;
2667 (*methods)->del_aliasmem = pdb_default_del_aliasmem;
2668 (*methods)->enum_aliasmem = pdb_default_enum_aliasmem;
2669 (*methods)->enum_alias_memberships = pdb_default_alias_memberships;
2670 (*methods)->lookup_rids = pdb_default_lookup_rids;
2671 (*methods)->get_account_policy = pdb_default_get_account_policy;
2672 (*methods)->set_account_policy = pdb_default_set_account_policy;
2673 (*methods)->get_seq_num = pdb_default_get_seq_num;
2674 (*methods)->id_to_sid = pdb_default_id_to_sid;
2675 (*methods)->sid_to_id = pdb_default_sid_to_id;
2677 (*methods)->search_groups = pdb_default_search_groups;
2678 (*methods)->search_aliases = pdb_default_search_aliases;
2680 (*methods)->get_trusteddom_pw = pdb_default_get_trusteddom_pw;
2681 (*methods)->get_trusteddom_creds = pdb_default_get_trusteddom_creds;
2682 (*methods)->set_trusteddom_pw = pdb_default_set_trusteddom_pw;
2683 (*methods)->del_trusteddom_pw = pdb_default_del_trusteddom_pw;
2684 (*methods)->enum_trusteddoms = pdb_default_enum_trusteddoms;
2686 (*methods)->get_trusted_domain = pdb_default_get_trusted_domain;
2687 (*methods)->get_trusted_domain_by_sid = pdb_default_get_trusted_domain_by_sid;
2688 (*methods)->set_trusted_domain = pdb_default_set_trusted_domain;
2689 (*methods)->del_trusted_domain = pdb_default_del_trusted_domain;
2690 (*methods)->enum_trusted_domains = pdb_default_enum_trusted_domains;
2692 (*methods)->get_secret = pdb_default_get_secret;
2693 (*methods)->set_secret = pdb_default_set_secret;
2694 (*methods)->delete_secret = pdb_default_delete_secret;
2696 (*methods)->enum_upn_suffixes = pdb_default_enum_upn_suffixes;
2697 (*methods)->set_upn_suffixes = pdb_default_set_upn_suffixes;
2699 (*methods)->is_responsible_for_our_sam =
2700 pdb_default_is_responsible_for_our_sam;
2701 (*methods)->is_responsible_for_builtin =
2702 pdb_default_is_responsible_for_builtin;
2703 (*methods)->is_responsible_for_wellknown =
2704 pdb_default_is_responsible_for_wellknown;
2705 (*methods)->is_responsible_for_unix_users =
2706 pdb_default_is_responsible_for_unix_users;
2707 (*methods)->is_responsible_for_unix_groups =
2708 pdb_default_is_responsible_for_unix_groups;
2709 (*methods)->is_responsible_for_everything_else =
2710 pdb_default_is_responsible_for_everything_else;
2712 return NT_STATUS_OK;